Let’s start with an article that describes how someone took over locked Instagram accounts by changing an ID. That’s interesting because I discovered something similar in another app very recently. I think this is why it’s important to regularly review the bigger picture. In this case, that means asking: “What if someone skips a few steps of the ‘locking-an-account’ workflow and just changes an ID?”
And now for (not so) completely different articles:
How to inspect the magic bytes of images to fix some of the problems caused by the branded vulnerability ImageTragick.
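As an added example (mine, not code from the linked article or from this newsletter), a Ruby check of the kind that article describes: an upload is accepted only if its leading bytes match a known image signature and that signature agrees with the content type the client declared, before the file is ever handed to an image processor. The byte strings below are constructed samples, not real uploads.

```ruby
require 'stringio'

# Leading byte signatures of the image formats we allow. Anything else,
# including text-based formats dressed up with an image extension, is rejected.
IMAGE_SIGNATURES = {
  'image/png'  => ["\x89PNG\r\n\x1a\n".b],
  'image/jpeg' => ["\xFF\xD8\xFF".b],
  'image/gif'  => ["GIF87a".b, "GIF89a".b]
}.freeze

# Returns the MIME type whose signature the first bytes of +io+ match,
# or nil when none of the allowed signatures match. Rewinds the IO.
def detect_image_type(io)
  header = io.read(8).to_s.b
  io.rewind
  IMAGE_SIGNATURES.each do |mime, signatures|
    return mime if signatures.any? { |sig| header.start_with?(sig) }
  end
  nil
end

# True only when the bytes are a recognised image AND the detected type
# equals the declared one. A mismatch is worth logging: it means the client
# claimed one format while sending another.
def valid_image_upload?(io, declared_type)
  detected = detect_image_type(io)
  !detected.nil? && detected == declared_type
end

# Constructed samples: a PNG header followed by the start of its IHDR chunk,
# and an XML/SVG text body that only claims to be a PNG.
SAMPLE_PNG = "\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR".b
SAMPLE_SVG = "<?xml version=\"1.0\"?><svg xmlns=\"http://www.w3.org/2000/svg\"/>".b

if __FILE__ == $PROGRAM_NAME
  puts valid_image_upload?(StringIO.new(SAMPLE_PNG), 'image/png')  # true
  puts valid_image_upload?(StringIO.new(SAMPLE_SVG), 'image/png')  # false
end
```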
Pastejacking
You think you’re copying an innocent command in the browser, but it’s evil.
Harden Firefox security settings
OS X Security and Privacy Guide
A practical guide to securing OS X.
How to store secrets in a git repository
The Origins of the <Blink> Tag
This is not related to security, but it comes from the history book. The origins of the <blink> tag: someone was drunk.
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.